Intercepting inadvertent conversational disclosure of personal information

ABSTRACT

By intercepting a natural language communication of a protected party, the communication is monitored, wherein the protected party is a human being. Within the monitored communication using a natural language processing engine, a natural language interaction between the protected party and a second party is detected. To determine an interaction pattern, the natural language interaction is analyzed. The interaction pattern includes data derived from the monitored communication, metadata of the protected party, and metadata of the second party. Using the interaction pattern and an interaction behavior model, an adverse result of the natural language interaction is predicted, wherein the adverse result comprises an economic loss to the protected party. By notifying the protected party, the predicted adverse result is intercepted.

TECHNICAL FIELD

The present invention relates generally to a method, system, andcomputer program product for conversation monitoring. More particularly,the present invention relates to a method, system, and computer programproduct for intercepting inadvertent conversational disclosure ofpersonal information.

BACKGROUND

Marketing of products and services is often performed via atelecommunication network (for example, by telephone) or in person (forexample, by visiting a marketing target at home). Typically, themarketer initiates the communication. In a successful marketinginteraction, the marketer persuades a marketing target to make apurchase, enroll in a service, enter a promotional drawing in return forproviding personal or financial information, and the like. In addition,while many marketing interactions have a legitimate purpose, some arefraudulent. Non-marketing interactions can also have a fraudulentpurpose, such as an attempt to obtain private information for anillegitimate reason.

SUMMARY

The illustrative embodiments provide a method, system, and computerprogram product. An embodiment includes a method that monitors, byintercepting a natural language communication of a protected party, thecommunication, wherein the protected party is a human being. Anembodiment detects, within the monitored communication using a naturallanguage processing engine, a natural language interaction between theprotected party and a second party. An embodiment analyzes, to determinean interaction pattern, the natural language interaction, theinteraction pattern comprising data derived from the monitoredcommunication, metadata of the protected party, and metadata of thesecond party. An embodiment predicts, using the interaction pattern andan interaction behavior model, an adverse result of the natural languageinteraction, wherein the adverse result comprises an economic loss tothe protected party. An embodiment intercepts, by notifying theprotected party, the predicted adverse result.

An embodiment includes a computer usable program product. The computerusable program product includes one or more computer-readable storagedevices, and program instructions stored on at least one of the one ormore storage devices.

An embodiment includes a computer system. The computer system includesone or more processors, one or more computer-readable memories, and oneor more computer-readable storage devices, and program instructionsstored on at least one of the one or more storage devices for executionby at least one of the one or more processors via at least one of theone or more memories.

BRIEF DESCRIPTION OF THE DRAWINGS

Certain novel features believed characteristic of the invention are setforth in the appended claims. The invention itself, however, as well asa preferred mode of use, further objectives and advantages thereof, willbest be understood by reference to the following detailed description ofthe illustrative embodiments when read in conjunction with theaccompanying drawings, wherein:

FIG. 1 depicts a block diagram of a network of data processing systemsin which illustrative embodiments may be implemented;

FIG. 2 depicts a block diagram of a data processing system in whichillustrative embodiments may be implemented;

FIG. 3 depicts a block diagram of an example configuration forintercepting inadvertent conversational disclosure of personalinformation in accordance with an illustrative embodiment;

FIG. 4 depicts another block diagram of an example configuration forintercepting inadvertent conversational disclosure of personalinformation in accordance with an illustrative embodiment;

FIG. 5 depicts an example configuration for intercepting inadvertentconversational disclosure of personal information in accordance with anillustrative embodiment;

FIG. 6 depicts an example configuration for intercepting inadvertentconversational disclosure of personal information in accordance with anillustrative embodiment;

FIG. 7 depicts an example of intercepting inadvertent conversationaldisclosure of personal information in accordance with an illustrativeembodiment;

FIG. 8 depicts an example of trend monitoring in interceptinginadvertent conversational disclosure of personal information inaccordance with an illustrative embodiment; and

FIG. 9 depicts a flowchart of an example process for interceptinginadvertent conversational disclosure of personal information inaccordance with an illustrative embodiment.

DETAILED DESCRIPTION

The illustrative embodiments recognize that those responsible for thewelfare of others want to protect those others from making an unneededpurchase, enrolling in an unneeded service, assenting to a potentiallyharmful action, or providing personal or financial information to otherswho should not have these types of information. For example, an elderlyperson or a child may not realize the imprudence of providing personalinformation, such as a date of birth, identification number, or bankaccount information, in a situation where providing such information isnot actually necessary. As another example, an elderly person, a child,or a person with impaired cognition may be easily persuaded to make anunneeded purchase in response to a sales call.

As used herein, a conversation is a natural language interaction betweenat least two parties, a protected party and another. A protected partyis a human being who, using the illustrative embodiments, is beingprevented from inadvertently disclosing personal information or makingan undesired commitment in conversation. The other party may be a humanbeing or a machine. A conversation may be in voice form, text form,another form of natural language communication, or a combination of oneor more forms of natural language communication. As well, a conversationmay be in-person or mediated by a telecommunications network.

The illustrative embodiments recognize that there is an unmet need tomonitor a protected party's conversation, predict a trend in theconversation, and intercept the conversation before inadvertentdisclosure of personal information occurs.

The illustrative embodiments recognize that the presently availabletools or solutions do not address these needs or provide adequatesolutions for these needs. The illustrative embodiments used to describethe invention generally address and solve the above-described problemsand other problems related to intercepting inadvertent conversationaldisclosure of personal information.

An embodiment can be implemented as a software application. Theapplication implementing an embodiment can be configured as amodification of an existing environment monitoring or telecommunicationssystem, as a separate application that operates in conjunction with anexisting environment monitoring or telecommunications system, astandalone application, or some combination thereof.

Particularly, some illustrative embodiments provide a method formonitoring a protected party's conversation, predicting a trend in theconversation, and intercepting the conversation before inadvertentdisclosure of personal information occurs.

An embodiment monitors natural language communications of a protectedparty by intercepting such communications. One embodiment monitors boththe protected party and another party during a voice conversation over acommunication network. Another embodiment monitors both the protectedparty and another party during a text-based conversation over acommunication network. A conversation over or using a communicationsnetwork is referred to herein as a network-mediated conversation. Tomonitor a network-mediated conversation, an embodiment uses any suitableapplication. Non-limiting examples of a suitable application include atelephone communications application and a text communicationsapplication.

Another embodiment monitors a protected party's environment, includingboth network-mediated and in-person conversations of the protectedparty, using any communications means the embodiment is equipped tomonitor. One embodiment uses a microphone to monitor audio in theprotected party's environment. For example, a voice assistantapplication typically includes a suitable monitoring capability becausethe voice assistant typically monitors a user's environment to respondto the user's voice commands. As another example, because a hearing aidcan enhance audio in a user's environment, such a hearing aid couldinclude a suitable monitoring capability. Another embodiment uses avideo camera to monitor another type of communication of the protectedparty, for example text or sign language. One environment-monitoringembodiment only monitors the protected party's portion of anetwork-mediated conversation, while another environment-monitoringembodiment monitors another party to a network-mediated conversation aswell as the protected party.

Within the monitored communication, an embodiment uses a naturallanguage processing (NLP) engine to detect that a natural languageinteraction is occurring between the protected party and another party.To detect that a natural language interaction is occurring, anembodiment uses factors such as caller identification (for anetwork-mediated interaction), an identification of a voice other thanthe protected party's voice (for an in-person interaction monitored by amicrophone), a detection of a presence of a person other than theprotected party (for an in-person interaction monitored by a camera),and the like. An embodiment also converts detected speech to text, ifnecessary, and uses an NLP engine to determine that both the protectedparty and the other party are participating in the interaction.

An embodiment analyzes the natural language interaction, while it isoccurring, to determine an interaction pattern. An interaction patternincludes results obtained by analyzing the natural language interaction,including data derived from the monitored communication, metadata of theprotected party, and metadata of the second party. Some non-limitingexamples of data derived from the monitored communication are a topic ofthe interaction, and one or more specific natural language phrasesextracted from the interaction.

An interaction pattern also includes, if possible, an identification ofthe party interacting with the protected party. To identify the otherparty to a network-mediated interaction, an embodiment can use calleridentification information such as a telephone number of a caller to theprotected party and dialing information if the protected party initiatedthe communication. An embodiment can also match a telephone numberassociated with the other party with directory information such as aname associated with the other party. To identify the other party to anin-person interaction monitored by a microphone, an embodiment matches avoice monitored by the microphone with stored voice data. To identifythe other party to an in-person interaction monitored by a camera, anembodiment matches a face or body monitored by the camera with storedface or body data.

An interaction pattern also includes, if possible, an interactionhistory of the protected party with the identified other party. Forexample, if the other party has called the protected party multipletimes previously, each time using the same communication script, thisinteraction history can indicate a persistent sales caller that theprotected party should not continue to interact with. On the other hand,if the other party has a telephone number matching that of the protectedparty's physician's office, the party's interaction with the protectedparty is not likely to lead to a problematic disclosure.

An embodiment includes an interaction behavior model. In one embodiment,an interaction behavior model includes a set of rules. Each entry in theset of rules includes a natural language pattern, or a natural languagetext that, if matched in an interaction of a protected party, couldindicate that an adverse result is about to occur. An adverse result, asused herein, is a result that includes, or could lead to an economicloss to the protected party. One example of an adverse result is thepurchase of an unwanted or unnecessary item or service. Another exampleof an adverse result is an unauthorized charge on a credit card,resulting from providing credit card information to an untrustworthyparty. A third example of an adverse result is identity theft, resultingfrom providing personal information, such as date of birth, address, oridentification number, to an untrustworthy party.

Non-limiting examples of entries in a rule set, when spoken by aprotected party, are “my credit card number is”, “my date of birth is”,and “my bank account information is”, indicating that the protectedparty is about to disclose the corresponding information. Additionalexamples of entries in a rule set, when spoken by a protected party,include the first digits of the protected party's birthdate, credit cardnumber, or identification number, indicating that the protected partyhas already started to disclose the corresponding information.Non-limiting examples of entries in a rule set, when spoken by a partyother than a protected party, are “What's your social?” and “How do youwant to pay?”, because in response to questions like these, a protectedparty is likely to respond with the requested information. Additionalnon-limiting examples of entries in a rule set, when spoken by a partyother than a protected party, are “Do I have your permission to accessyour bank records” and “Do you agree to an ongoing subscription to ournewsletter at $79 a month?” because in response to questions like these,a protected party is likely to respond with an unwise agreement.

In addition to the set of rules, an interaction behavior model includesa set of exceptions to the rules. An exception is a natural language orother pattern that represents a circumstance in which a rule, althoughmatching an interaction of a protected party, does not apply because anadverse result is unlikely to occur.

One reason an adverse result is unlikely to occur is because theprotected party is interacting with another party that is trusted, i.e.a party with which the protected party can safely interact. To implementan exception based on interactions with a trusted party, an embodimentmaintains a set of identifications corresponding to trusted parties.Example identifications corresponding to a trusted party include atelephone number of a trusted party (for example, obtained using thecaller ID feature of a telephone network) and a voice matching a voicesample of a trusted party (for example, obtained by monitoring anin=person interaction of a protected party).

Another reason an adverse result is unlikely to occur could be becausethe protected party initiated the interaction. One embodiment assumesthat if a protected party initiated an interaction, the protected partyintended the interaction and understands the consequences of disclosinginformation during the interaction. However, another embodimentrecognizes that there are situations in which a protected partyinitiated the interaction, for example in response to an email orprevious call instructing the protected party to initiate aninteraction. This embodiment does not assume that if a protected partyinitiated the interaction an adverse result is unlikely to occur.

For example, although the example rule “my date of birth is” couldresult in the inappropriate disclosure of personal information if theprotected party were interacting in a telephone conversation with asales caller who had initiated the call, the same would not be the caseif the protected party had initiated a call to make an appointment at aphysician's office, where such information is both needed for medicalrecords and protected from disclosure. As a result, two exampleexceptions to this rule might be that the protected party initiated theconversation and that the identification information for the secondparty to the conversation matches identification information for atrusted party.

In another embodiment, an interaction behavior model is implementedusing a learning model, for example a neural network. Before being usedto perform a task, a learning model must be trained to perform the task.Thus, one method of training a learning interaction behavior model of anembodiment is to supply the model with sample interactions, both thosethat result in a party's personal information disclosure and those thatdo not. During training, the model learns to recognize interactionpatterns with a corresponding probability value of resulting in personalinformation disclosure.

An embodiment uses the interaction pattern and interaction behaviormodel to predict a future course of the interaction. In an embodimentusing a set of rules and optional exceptions to one or more rules, anembodiment determines whether the interaction pattern is above athreshold value of matching one or more rules. For example, consider aninteraction pattern including the phrase “what's your credit cardnumber?” Here, an interaction behavior model includes a rule specifyingthat an interrogatory statement including a string related to paymentinformation (e.g. “credit card”). As a result, the rule matches theinteraction pattern with a value of 95 percent, above an examplethreshold of 75 percent.

As another example, consider an interaction pattern including the phrase“what's your date of birth?” Here, an interaction behavior modelincludes a rule specifying that an interrogatory statement including astring related to date of birth information (e.g. “date of birth” or“birthday”). However, the model also includes a rule specifying that ifthe protected party is interacting with a trusted party, thedate-of-birth rule does not apply. Here, the interaction patternincludes the information that the protected party is interacting with aparty having caller identification matching an entity in the set oftrusted parties. As a result, although the interaction pattern matchesthe rule with a value of 99 percent, above an example threshold of 75percent, the interaction pattern also matches the exception with a valueof 98 percent, above an example threshold of 80 percent. As a result,the embodiment concludes that the protected party is interacting with atrusted party, and an adverse result is unlikely to result.

In an embodiment using a learning interaction behavior model, anembodiment determines whether the interaction pattern is above athreshold value of matching one or more patterns that the model haslearned are likely to result in personal information disclosure. Forexample, for the interaction pattern including the phrase “what's yourcredit card number?”, a learning interaction behavior model has learnedthat a pattern including the phrase “what's your” followed by one ofseveral variations of strings related to payment information (e.g.“credit card”) predicts an adverse result. As a result, when the learnedpattern matches the interaction pattern with a value of 80 percent,above an example threshold of 65 percent, the embodiment predicts anadverse result for the interaction pattern.

As another example, for the interaction pattern including the phrase“what's your date of birth?” and the information that the protectedparty is interacting with a trusted party, a learning interactionbehavior model has learned that a pattern including the phrase “what'syour” followed by one of several variations of strings related to dateof birth information (e.g. “date of birth” or “birthday”), but theprotected party is interacting with a trusted party, does not predict anadverse result. As a result, when the learned pattern matches theinteraction pattern with a value of 80 percent, above an examplethreshold of 65 percent, the embodiment does predicts an adverse resultfor the interaction pattern.

Thus, based on either a set of rules or a set of learned patterns, anembodiment determines a probability that an interaction pattern matchesa pattern likely to result in an adverse result. If the future course ofthe interaction includes a result that is likely to be adverse to theprotected party, an embodiment attempts to prevent the predicted resultby alerting the protected party or taking another prevention ormitigation step. For example, an alert can be an audible tone or warningmessage, a text warning message, a visual alert such as a flashinglight, or another signal or message.

An example prevention step for a network-mediated audio communication isto mute the protected party's microphone, preventing the protectedparty's next words from reaching the other party. An example preventionstep for a network-mediated text communication is to not send theprotected party's text communication, or to send the protected party'stext communication only once an embodiment has determined that the textcommunication does not include information the protected party shouldnot share.

An example mitigation step is to report the interaction, including anypersonal information the protected party disclosed, to another partyresponsible for the protected party, such as a caregiver or familymember. Once notified, the responsible party can act to mitigate theresults of the disclosure. For example, if notified that the protectedparty revealed credit card information, a family member could cancel thecredit card, preventing future unauthorized charges. Similarly, ifnotified that the protected party had committed to an unneeded service,a caregiver could cancel the service, preventing future losses. Otherexample mitigation steps include automatically canceling a revealedcredit card or unneeded service, without an intermediary.

In addition, an embodiment is configurable to explain a reason for analert or prevention or mitigation step. For example, an embodimentalerting a protected party to an imminent text disclosure of credit cardinformation could provide a message to the protected party, explainingthat disclosing credit card information in the particular circumstancesis unwise.

An embodiment uses the interaction pattern, the interaction behaviormodel, and any predicted or actual adverse results to identify andmonitor a trend in the protected party's behavior. One example trendmight be that the number of telephone calls from unknown callers aprotected party answers is increasing. Another example trend might bethat the lengths of a protected party's conversations with callers not alist of trusted callers are increasing. If a trend exceeds a thresholdvalue, or is changing at more than a threshold rate, an embodiment isconfigurable to report the trend to another party responsible for theprotected party, such as a caregiver or family member. A trend couldindicate an increasing propensity to disclose personal information. Atrend could also indicate a new or worsening symptom of the protectedparty. For example, an increasing number of long (above a thresholdtime) conversations with untrusted parties could be an early sign of acognitive illness, or a worsening cognitive condition, indicating thatthe protected party needs additional medical attention or another formof assistance.

An embodiment also uses the interaction pattern, the interactionbehavior model, and any predicted or actual adverse results to identifyand monitor a trend in behavior targeting the protected party. Forexample, an increase in a number of sales calls to patients at acaregiving facility could indicate that the facility is a particulartarget for these types of calls, and that the facility should takeprevention or mitigation steps. As another example, an increase in callsfrom a particular telephone number, a particular pattern of telephonenumbers, or in calls that use a particular interaction script could alsoindicate a particular pattern of caller behavior.

An embodiment using a learning interaction behavior model updates themodel based on an identified interaction pattern and any predicted oractual adverse results. In particular, an embodiment uses a differencebetween predicted and actual results for an interaction pattern toadjust the model so as to be more likely to make an accurate predictionif the same or a similar interaction pattern recurs. An embodiment alsouses actual results for a previously-unknown interaction pattern totrain the model to recognize such an interaction pattern.

The manner of intercepting inadvertent conversational disclosure ofpersonal information described herein is unavailable in the presentlyavailable methods in the technological field of endeavor pertaining tonatural language interaction prediction. A method of an embodimentdescribed herein, when implemented to execute on a device or dataprocessing system, comprises substantial advancement of thefunctionality of that device or data processing system in monitoring aprotected party's conversation, predicting a trend in the conversation,and intercepting the conversation before inadvertent disclosure ofpersonal information occurs.

The illustrative embodiments are described with respect to certain typesof parties, patterns, interactions, trends, thresholds, predictions,responses, adjustments, sensors, measurements, devices, data processingsystems, environments, components, and applications only as examples.Any specific manifestations of these and other similar artifacts are notintended to be limiting to the invention. Any suitable manifestation ofthese and other similar artifacts can be selected within the scope ofthe illustrative embodiments.

Furthermore, the illustrative embodiments may be implemented withrespect to any type of data, data source, or access to a data sourceover a data network. Any type of data storage device may provide thedata to an embodiment of the invention, either locally at a dataprocessing system or over a data network, within the scope of theinvention. Where an embodiment is described using a mobile device, anytype of data storage device suitable for use with the mobile device mayprovide the data to such embodiment, either locally at the mobile deviceor over a data network, within the scope of the illustrativeembodiments.

The illustrative embodiments are described using specific code, designs,architectures, protocols, layouts, schematics, and tools only asexamples and are not limiting to the illustrative embodiments.Furthermore, the illustrative embodiments are described in someinstances using particular software, tools, and data processingenvironments only as an example for the clarity of the description. Theillustrative embodiments may be used in conjunction with othercomparable or similarly purposed structures, systems, applications, orarchitectures. For example, other comparable mobile devices, structures,systems, applications, or architectures therefor, may be used inconjunction with such embodiment of the invention within the scope ofthe invention. An illustrative embodiment may be implemented inhardware, software, or a combination thereof.

The examples in this disclosure are used only for the clarity of thedescription and are not limiting to the illustrative embodiments.Additional data, operations, actions, tasks, activities, andmanipulations will be conceivable from this disclosure and the same arecontemplated within the scope of the illustrative embodiments.

Any advantages listed herein are only examples and are not intended tobe limiting to the illustrative embodiments. Additional or differentadvantages may be realized by specific illustrative embodiments.Furthermore, a particular illustrative embodiment may have some, all, ornone of the advantages listed above.

With reference to the figures and in particular with reference to FIGS.1 and 2, these figures are example diagrams of data processingenvironments in which illustrative embodiments may be implemented. FIGS.1 and 2 are only examples and are not intended to assert or imply anylimitation with regard to the environments in which differentembodiments may be implemented. A particular implementation may makemany modifications to the depicted environments based on the followingdescription.

FIG. 1 depicts a block diagram of a network of data processing systemsin which illustrative embodiments may be implemented. Data processingenvironment 100 is a network of computers in which the illustrativeembodiments may be implemented. Data processing environment 100 includesnetwork 102. Network 102 is the medium used to provide communicationslinks between various devices and computers connected together withindata processing environment 100. Network 102 may include connections,such as wire, wireless communication links, or fiber optic cables.

Clients or servers are only example roles of certain data processingsystems connected to network 102 and are not intended to exclude otherconfigurations or roles for these data processing systems. Server 104and server 106 couple to network 102 along with storage unit 108.Software applications may execute on any computer in data processingenvironment 100. Clients 110, 112, and 114 are also coupled to network102. A data processing system, such as server 104 or 106, or client 110,112, or 114 may contain data and may have software applications orsoftware tools executing thereon.

Only as an example, and without implying any limitation to sucharchitecture, FIG. 1 depicts certain components that are usable in anexample implementation of an embodiment. For example, servers 104 and106, and clients 110, 112, 114, are depicted as servers and clients onlyas example and not to imply a limitation to a client-serverarchitecture. As another example, an embodiment can be distributedacross several data processing systems and a data network as shown,whereas another embodiment can be implemented on a single dataprocessing system within the scope of the illustrative embodiments. Dataprocessing systems 104, 106, 110, 112, and 114 also represent examplenodes in a cluster, partitions, and other configurations suitable forimplementing an embodiment.

Device 132 is an example of a device described herein. For example,device 132 can take the form of a smartphone, a tablet computer, alaptop computer, client 110 in a stationary or a portable form, awearable computing device, or any other suitable device. Any softwareapplication described as executing in another data processing system inFIG. 1 can be configured to execute in device 132 in a similar manner.Any data or information stored or produced in another data processingsystem in FIG. 1 can be configured to be stored or produced in device132 in a similar manner. Device 132 includes microphone 134.

Application 105 implements an embodiment described herein. Application105 uses NLP engine 136. Application 105 and NLP engine 136 can executein any of servers 104 and 106, clients 110, 112, and 114, and device132. In addition, application 105 and NLP engine 136 need not execute inthe same system. Further, application 105 makes use of any suitablemonitoring sensor, for example but not limited to microphone 134, whichneed not be collocated with a system on which application 105 executes.

Servers 104 and 106, storage unit 108, and clients 110, 112, and 114,and device 132 may couple to network 102 using wired connections,wireless communication protocols, or other suitable data connectivity.Clients 110, 112, and 114 may be, for example, personal computers ornetwork computers.

In the depicted example, server 104 may provide data, such as bootfiles, operating system images, and applications to clients 110, 112,and 114. Clients 110, 112, and 114 may be clients to server 104 in thisexample. Clients 110, 112, 114, or some combination thereof, may includetheir own data, boot files, operating system images, and applications.Data processing environment 100 may include additional servers, clients,and other devices that are not shown.

In the depicted example, data processing environment 100 may be theInternet. Network 102 may represent a collection of networks andgateways that use the Transmission Control Protocol/Internet Protocol(TCP/IP) and other protocols to communicate with one another. At theheart of the Internet is a backbone of data communication links betweenmajor nodes or host computers, including thousands of commercial,governmental, educational, and other computer systems that route dataand messages. Of course, data processing environment 100 also may beimplemented as a number of different types of networks, such as forexample, an intranet, a local area network (LAN), or a wide area network(WAN). FIG. 1 is intended as an example, and not as an architecturallimitation for the different illustrative embodiments.

Among other uses, data processing environment 100 may be used forimplementing a client-server environment in which the illustrativeembodiments may be implemented. A client-server environment enablessoftware applications and data to be distributed across a network suchthat an application functions by using the interactivity between aclient data processing system and a server data processing system. Dataprocessing environment 100 may also employ a service orientedarchitecture where interoperable software components distributed acrossa network may be packaged together as coherent business applications.Data processing environment 100 may also take the form of a cloud, andemploy a cloud computing model of service delivery for enablingconvenient, on-demand network access to a shared pool of configurablecomputing resources (e.g. networks, network bandwidth, servers,processing, memory, storage, applications, virtual machines, andservices) that can be rapidly provisioned and released with minimalmanagement effort or interaction with a provider of the service.

With reference to FIG. 2, this figure depicts a block diagram of a dataprocessing system in which illustrative embodiments may be implemented.Data processing system 200 is an example of a computer, such as servers104 and 106, or clients 110, 112, and 114 in FIG. 1, or another type ofdevice in which computer usable program code or instructionsimplementing the processes may be located for the illustrativeembodiments.

Data processing system 200 is also representative of a data processingsystem or a configuration therein, such as data processing system 132 inFIG. 1 in which computer usable program code or instructionsimplementing the processes of the illustrative embodiments may belocated. Data processing system 200 is described as a computer only asan example, without being limited thereto. Implementations in the formof other devices, such as device 132 in FIG. 1, may modify dataprocessing system 200, such as by adding a touch interface, and eveneliminate certain depicted components from data processing system 200without departing from the general description of the operations andfunctions of data processing system 200 described herein.

In the depicted example, data processing system 200 employs a hubarchitecture including North Bridge and memory controller hub (NB/MCH)202 and South Bridge and input/output (I/O) controller hub (SB/ICH) 204.Processing unit 206, main memory 208, and graphics processor 210 arecoupled to North Bridge and memory controller hub (NB/MCH) 202.Processing unit 206 may contain one or more processors and may beimplemented using one or more heterogeneous processor systems.Processing unit 206 may be a multi-core processor. Graphics processor210 may be coupled to NB/MCH 202 through an accelerated graphics port(AGP) in certain implementations.

In the depicted example, local area network (LAN) adapter 212 is coupledto South Bridge and I/O controller hub (SB/ICH) 204. Audio adapter 216,keyboard and mouse adapter 220, modem 222, read only memory (ROM) 224,universal serial bus (USB) and other ports 232, and PCI/PCIe devices 234are coupled to South Bridge and I/O controller hub 204 through bus 238.Hard disk drive (HDD) or solid-state drive (SSD) 226 and CD-ROM 230 arecoupled to South Bridge and I/O controller hub 204 through bus 240.PCI/PCIe devices 234 may include, for example, Ethernet adapters, add-incards, and PC cards for notebook computers. PCI uses a card buscontroller, while PCIe does not. ROM 224 may be, for example, a flashbinary input/output system (BIOS). Hard disk drive 226 and CD-ROM 230may use, for example, an integrated drive electronics (IDE), serialadvanced technology attachment (SATA) interface, or variants such asexternal-SATA (eSATA) and micro-SATA (mSATA). A super I/O (SIO) device236 may be coupled to South Bridge and I/O controller hub (SB/ICH) 204through bus 238.

Memories, such as main memory 208, ROM 224, or flash memory (not shown),are some examples of computer usable storage devices. Hard disk drive orsolid state drive 226, CD-ROM 230, and other similarly usable devicesare some examples of computer usable storage devices including acomputer usable storage medium.

An operating system runs on processing unit 206. The operating systemcoordinates and provides control of various components within dataprocessing system 200 in FIG. 2. The operating system may be acommercially available operating system for any type of computingplatform, including but not limited to server systems, personalcomputers, and mobile devices. An object oriented or other type ofprogramming system may operate in conjunction with the operating systemand provide calls to the operating system from programs or applicationsexecuting on data processing system 200.

Instructions for the operating system, the object-oriented programmingsystem, and applications or programs, such as application 105 and NLPengine 136 in FIG. 1, are located on storage devices, such as in theform of code 226A on hard disk drive 226, and may be loaded into atleast one of one or more memories, such as main memory 208, forexecution by processing unit 206. The processes of the illustrativeembodiments may be performed by processing unit 206 using computerimplemented instructions, which may be located in a memory, such as, forexample, main memory 208, read only memory 224, or in one or moreperipheral devices.

Furthermore, in one case, code 226A may be downloaded over network 201Afrom remote system 201B, where similar code 201C is stored on a storagedevice 201D. in another case, code 226A may be downloaded over network201A to remote system 201B, where downloaded code 201C is stored on astorage device 201D.

The hardware in FIGS. 1-2 may vary depending on the implementation.Other internal hardware or peripheral devices, such as flash memory,equivalent non-volatile memory, or optical disk drives and the like, maybe used in addition to or in place of the hardware depicted in FIGS.1-2. In addition, the processes of the illustrative embodiments may beapplied to a multiprocessor data processing system.

In some illustrative examples, data processing system 200 may be apersonal digital assistant (PDA), which is generally configured withflash memory to provide non-volatile memory for storing operating systemfiles and/or user-generated data. A bus system may comprise one or morebuses, such as a system bus, an I/O bus, and a PCI bus. Of course, thebus system may be implemented using any type of communications fabric orarchitecture that provides for a transfer of data between differentcomponents or devices attached to the fabric or architecture.

A communications unit may include one or more devices used to transmitand receive data, such as a modem or a network adapter. A memory may be,for example, main memory 208 or a cache, such as the cache found inNorth Bridge and memory controller hub 202. A processing unit mayinclude one or more processors or CPUs.

The depicted examples in FIGS. 1-2 and above-described examples are notmeant to imply architectural limitations. For example, data processingsystem 200 also may be a tablet computer, laptop computer, or telephonedevice in addition to taking the form of a mobile or wearable device.

Where a computer or data processing system is described as a virtualmachine, a virtual device, or a virtual component, the virtual machine,virtual device, or the virtual component operates in the manner of dataprocessing system 200 using virtualized manifestation of some or allcomponents depicted in data processing system 200. For example, in avirtual machine, virtual device, or virtual component, processing unit206 is manifested as a virtualized instance of all or some number ofhardware processing units 206 available in a host data processingsystem, main memory 208 is manifested as a virtualized instance of allor some portion of main memory 208 that may be available in the hostdata processing system, and disk 226 is manifested as a virtualizedinstance of all or some portion of disk 226 that may be available in thehost data processing system. The host data processing system in suchcases is represented by data processing system 200.

With reference to FIG. 3, this figure depicts a block diagram of anexample configuration for intercepting inadvertent conversationaldisclosure of personal information in accordance with an illustrativeembodiment. Application 300 is an example of application 105 in FIG. 1and executes in any of servers 104 and 106, clients 110, 112, and 114,and device 132 in FIG. 1.

Protected party monitoring module 310 monitors natural languagecommunications of a protected party by intercepting such communications.Module 310 is configurable to monitor both the protected party andanother party during a voice or text-based conversation over acommunication network, using data from an application such as atelephone communications application or a text communicationsapplication. Module 310 is also configurable to monitor a protectedparty's environment, including both network-mediated and in-personconversations of the protected party, using any sensor to whichapplication 300 has access. For example, module 310 can use a microphoneto monitor audio in the protected party's environment, or a video camerato monitor another type of communication of the protected party, forexample text or sign language.

Within the monitored communication, module 310 uses a natural languageprocessing (NLP) engine to detect that a natural language interaction isoccurring between the protected party and another party. To detect thata natural language interaction is occurring, module 310 uses factorssuch as caller identification (for a network-mediated interaction), anidentification of a voice other than the protected party's voice (for anin-person interaction monitored by a microphone), a detection of apresence of a person other than the protected party (for an in-personinteraction monitored by a camera), and the like. An embodiment alsoconverts detected speech to text, if necessary, and uses an NLP engineto determine that both the protected party and the other party areparticipating in the interaction.

Module 310 analyzes the natural language interaction, while it isoccurring, to determine an interaction pattern. Module 310 uses theinteraction pattern and interaction behavior model 320 to predict afuture course of the interaction. One implementation of interactionbehavior model 320 includes a set of rules. Each entry in the set ofrules includes a natural language pattern, or a natural language textthat, if matched in an interaction of a protected party, could indicatethat an adverse result is about to occur. A rule-based implementation ofinteraction behavior model 320 also includes a set of exceptions to therules. An exception is a circumstance in which a rule, although matchingan interaction of a protected party, does not apply because an adverseresult is unlikely to occur. Another implementation of interactionbehavior model 320 uses a learning model, for example a neural network,that is trained to recognize interaction patterns with a correspondingprobability value of resulting in personal information disclosure.

In particular, module 310 determines a probability that an interactionpattern matches a pattern likely to result in an adverse result. If thefuture course of the interaction includes a result that is likely to beadverse to the protected party, warning module 340 attempts to preventthe predicted result by alerting the protected party or taking anotherprevention or mitigation step. An alert can be an audible tone orwarning message, a text warning message, a visual alert such as aflashing light, or another signal or message. One prevention step for anetwork-mediated audio communication mutes the protected party'smicrophone, preventing the protected party's next words from reachingthe other party. A prevention step for a network-mediated textcommunication does not send the protected party's text communication, orsends the protected party's text communication only once module 340 hasdetermined that the text communication does not include information theprotected party should not share. In a mitigation step, module 340reports the interaction, including any personal information theprotected party disclosed, to another party responsible for theprotected party, such as a caregiver or family member. In addition,warning module 340 is configurable to explain a reason for an alert orprevention or mitigation step. For example, an embodiment alerting aprotected party to an imminent text disclosure of credit cardinformation could provide a message to the protected party, explainingthat disclosing credit card information in the particular circumstancesis unwise.

Trend monitoring module 330 uses the interaction pattern, theinteraction behavior model, and any predicted or actual adverse resultsto identify and monitor a trend in the protected party's behavior. Oneexample trend might be that the number of telephone calls from unknowncallers a protected party answers is increasing. Another example trendmight be that the protected party's conversations with callers not alist of trusted callers is increasing. If a trend exceeds a thresholdvalue, or is changing at more than a threshold rate, warning module 340reports the trend to another party responsible for the protected party,such as a caregiver or family member. A trend could indicate anincreasing propensity to disclose personal information, or a new orworsening symptom of the protected party.

With reference to FIG. 4, this figure depicts another block diagram ofan example configuration for intercepting inadvertent conversationaldisclosure of personal information in accordance with an illustrativeembodiment. In particular, FIG. 4 depicts more detail of protected partymonitoring module 310 in FIG. 3.

Speech to text module 410 converts speech, monitored using a microphone,to text. If application 300 is equipped with a visual monitoringcapability, such as a video camera, module 410 is also configurable toconvert visual information, such as American sign language, to text aswell.

Party identification module 420 performs caller identification (for anetwork-mediated interaction), an identification of a voice other thanthe protected party's voice (for an in-person interaction monitored by amicrophone), a detection of a presence of a person other than theprotected party (for an in-person interaction monitored by a camera),and the like. To identify the other party to a network-mediatedinteraction, module 420 can use caller identification information suchas a telephone number of a caller to the protected party and dialinginformation if the protected party initiated the communication. Module420 can also match a telephone number associated with the other partywith directory information such as a name associated with the otherparty. To identify the other party to an in-person interaction monitoredby a microphone, module 420 matches a voice monitored by the microphonewith stored voice data. To identify the other party to an in-personinteraction monitored by a camera, module 420 matches a face or bodymonitored by the camera with stored face or body data.

Pattern matching module 430 analyzes the natural language interaction,while it is occurring, to determine an interaction pattern. Module 430also uses the interaction pattern and interaction behavior model 320 topredict a future course of the interaction. In an rule-basedimplementation of model 320, module 430 determines whether theinteraction pattern is above a threshold value of matching one or morerules. In a learning model based implementation of model 320, module 430determines whether the interaction pattern is above a threshold value ofmatching one or more patterns that the model has learned are likely toresult in personal information disclosure.

With reference to FIG. 5, this figure depicts an example configurationfor intercepting inadvertent conversational disclosure of personalinformation in accordance with an illustrative embodiment. The examplecan be implemented using application 300 in FIG. 3.

In particular, FIG. 5 depicts example rule set 510 and example exceptionset 530, for a rule-based implementation of an interaction behaviormodel.

Rule set 510 includes entries 512, 514, 516, 518, and 520, eachincluding a natural language pattern, or a natural language text that,if matched in an interaction of a protected party, could indicate thatan adverse result is about to occur. For example, entry 512, “My creditcard number is”, is a natural language pattern indicating that thespeaker is likely to complete the sentence by reciting credit cardinformation. A protected party's reciting of credit card informationcould indicate that the protected party is making a purchase orproviding personal information to another party that should not havethis particular personal information.

Exception set 530 includes entries 532 and 534, natural languagepatterns that represents a circumstance in which a rule, althoughmatching an interaction of a protected party, does not apply because anadverse result is unlikely to occur. For example, rule set 510 includesentry 514, “my date of birth is”, because disclosing one's date of birthcould result in the inappropriate disclosure of personal information ifthe protected party were interacting in a telephone conversation with asales caller who had initiated the call. However, the same would not bethe case if the protected party had initiated a call to make anappointment at a physician's office, where such information is bothneeded for medical records and protected from disclosure. As a result,entry 532 provides an example exception to rule 514: the protected partyinitiated the conversation. Entry 534 provides another example exceptionto rule 514: that the identification information for the second party tothe conversation matches identification information for a trusted party.

With reference to FIG. 6, this figure depicts an example configurationfor intercepting inadvertent conversational disclosure of personalinformation in accordance with an illustrative embodiment. The examplecan be implemented using application 300 in FIG. 3. Interaction behaviormodel 320 is the same as interaction behavior model 320 in FIG. 3.

In particular, FIG. 6 depicts example training conversations 610 and620, for use in training a learning interaction behavior model 320.Conversation 610 has a high probability of resulting in a protectedparty's disclosing credit card information, and conversation 620 has ahigh probability of resulting in a protected party's disclosing bankaccount information. Thus, if an interaction pattern is above athreshold value of matching conversation 610 or 620, the interactionpattern also has an above-threshold probability of a protected party'sdisclosing credit card or bank account information.

With reference to FIG. 7, this figure depicts an example of interceptinginadvertent conversational disclosure of personal information inaccordance with an illustrative embodiment. The example can beimplemented using application 300 in FIG. 3.

In particular, FIG. 7 depicts example conversations 710 and 720.Application 300 determines that conversation 710 has a high probabilityof resulting in a protected party's disclosing credit card information,either because the interaction pattern corresponding to conversation 710is above a threshold value of matching one or more rules, and noexceptions, in a rule-based interaction behavior model, or becauseconversation 710 is above a threshold value of matching one or more of alearning interaction behavior model's learned patterns that have a highprobability of resulting in a protected party's disclosing bank accountinformation. Thus, conversation 710 also has an above-thresholdprobability of a protected party's disclosing credit card or bankaccount information and application 300 generates an alert, interceptingthe disclosure. However, application 300 determines that conversation720 has a low probability of resulting in a protected party's disclosingdate of birth information, either because the interaction patterncorresponding to conversation 720 is above a threshold value of matchingone or more rules and exceptions, in a rule-based interaction behaviormodel, or because conversation 720 is below a threshold value ofmatching one or more of a learning interaction behavior model's learnedpatterns that have a high probability of resulting in a protectedparty's disclosing date of birth information to an untrusted party.Thus, conversation 720 also has an below-threshold probability of aprotected party's disclosing date of birth information to an untrustedparty and application 300 allows the disclosure to proceed withoutgenerating an alert or interception.

With reference to FIG. 8, this figure depicts an example of trendmonitoring in intercepting inadvertent conversational disclosure ofpersonal information in accordance with an illustrative embodiment. Theexample can be implemented using application 300 in FIG. 3.

As depicted, application 300 has used the interaction pattern, theinteraction behavior model, and any predicted or actual adverse resultsto identify and monitor two trends in the protected party's behavior.Example trend 810 depicts a graph indicating that the number oftelephone calls from unknown callers a protected party answers isincreasing. When the number of answered telephone calls from unknowncallers rises above threshold 815, application 300 reports the trend toanother party responsible for the protected party, such as a caregiveror family member. Example trend 820 depicts a graph indicating that thelengths of a protected party's conversations with callers not a list oftrusted callers are increasing. When the conversation length rises abovethreshold 825, application 300 reports the trend to another partyresponsible for the protected party, such as a caregiver or familymember.

With reference to FIG. 9, this figure depicts a flowchart of an exampleprocess for intercepting inadvertent conversational disclosure ofpersonal information in accordance with an illustrative embodiment.Process 900 can be implemented in application 300 in FIG. 3.

In block 902, the application monitors an intercepted conversation of aprotected party. In block 904, the application uses a natural languageprocessing engine to detect a natural language interaction between theprotected party and another party. In block 906, the applicationanalyzes the interaction to determine an interaction pattern. In block908, the application checks whether the interaction pattern matches apattern or rule requiring adverse result prevention. If yes (“YES” pathof block 908), in block 910 the application generates an appropriatealert that intercepts the predicted adverse result, then ends. If not(“NO” path of block 908), in block 912 the application checks whetherthe interaction pattern matches a pattern or rule requiring trend datacollection. If yes (“YES” path of block 912), in block 914 theapplication collects. trend data corresponding to the pattern or rule,then (also “NO” path of block 912) returns to block 902 to continue themonitoring.

Thus, a computer implemented method, system or apparatus, and computerprogram product are provided in the illustrative embodiments forintercepting inadvertent conversational disclosure of personalinformation and other related features, functions, or operations. Wherean embodiment or a portion thereof is described with respect to a typeof device, the computer implemented method, system or apparatus, thecomputer program product, or a portion thereof, are adapted orconfigured for use with a suitable and comparable manifestation of thattype of device.

Where an embodiment is described as implemented in an application, thedelivery of the application in a Software as a Service (SaaS) model iscontemplated within the scope of the illustrative embodiments. In a SaaSmodel, the capability of the application implementing an embodiment isprovided to a user by executing the application in a cloudinfrastructure. The user can access the application using a variety ofclient devices through a thin client interface such as a web browser(e.g., web-based e-mail), or other light-weight client-applications. Theuser does not manage or control the underlying cloud infrastructureincluding the network, servers, operating systems, or the storage of thecloud infrastructure. In some cases, the user may not even manage orcontrol the capabilities of the SaaS application. In some other cases,the SaaS implementation of the application may permit a possibleexception of limited user-specific application configuration settings.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. The computer readable program instructions may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider). In some embodiments, electronic circuitry including,for example, programmable logic circuitry, field-programmable gatearrays (FPGA), or programmable logic arrays (PLA) may execute thecomputer readable program instructions by utilizing state information ofthe computer readable program instructions to personalize the electroniccircuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. It will also be noted that each block of theblock diagrams and/or flowchart illustration, and combinations of blocksin the block diagrams and/or flowchart illustration, can be implementedby special purpose hardware-based systems that perform the specifiedfunctions or acts or carry out combinations of special purpose hardwareand computer instructions.

What is claimed is:
 1. A computer-implemented method comprising:monitoring, by intercepting a natural language communication of aprotected party, the communication, wherein the protected party is ahuman being; detecting, within the monitored communication using anatural language processing engine, a natural language interactionbetween the protected party and a second party; analyzing, to determinean interaction pattern, the natural language interaction, theinteraction pattern comprising data derived from the monitoredcommunication, metadata of the protected party, and metadata of thesecond party; predicting, using the interaction pattern and aninteraction behavior model, an adverse result of the natural languageinteraction, wherein the adverse result comprises an economic loss tothe protected party; and intercepting, by notifying the protected party,the predicted adverse result.
 2. The computer-implemented method ofclaim 1, wherein the interaction behavior model comprises a set ofrules, a rule in the set of rules comprising an interaction patternpredictive of an adverse result.
 3. The computer-implemented method ofclaim 2, wherein the interaction behavior model further comprises a setof exceptions, an exception in the set of exceptions comprising aninteraction pattern for which a rule in the set of rules does not apply.4. The computer-implemented method of claim 1, wherein the interactionbehavior model comprises a learning model, the learning model trained torecognize an interaction patterns predictive of an adverse result. 5.The computer-implemented method of claim 4, wherein the learning modelis further trained using the interaction pattern, the adverse result,and a response of the protected party to the adverse result.
 6. Thecomputer-implemented method of claim 1, further comprising: preventing,as part of the notifying, a communication of the protected party fromreaching the second party.
 7. The computer-implemented method of claim1, further comprising: analyzing, to determine a second interactionpattern, a second natural language interaction between the protectedparty and a third party; predicting, using the second interactionpattern and the interaction behavior model, a second adverse result ofthe second natural language interaction; and analyzing, to generatetrend data of the protected party, the interaction pattern, thepredicted adverse result, the second interaction pattern, and the secondadverse result.
 8. The computer-implemented method of claim 7, furthercomprising: generating, responsive to a portion of the trend data beingoutside of a threshold range of values, a trend alert.
 9. A computerusable program product comprising one or more computer-readable storagedevices, and program instructions stored on at least one of the one ormore storage devices, the stored program instructions comprising:program instructions to monitor, by intercepting a natural languagecommunication of a protected party, the communication, wherein theprotected party is a human being; program instructions to detect, withinthe monitored communication using a natural language processing engine,a natural language interaction between the protected party and a secondparty; program instructions to analyze, to determine an interactionpattern, the natural language interaction, the interaction patterncomprising data derived from the monitored communication, metadata ofthe protected party, and metadata of the second party; programinstructions to predict, using the interaction pattern and aninteraction behavior model, an adverse result of the natural languageinteraction, wherein the adverse result comprises an economic loss tothe protected party; and program instructions to intercept, by notifyingthe protected party, the predicted adverse result.
 10. The computerusable program product of claim 9, wherein the interaction behaviormodel comprises a set of rules, a rule in the set of rules comprising aninteraction pattern predictive of an adverse result.
 11. The computerusable program product of claim 10, wherein the interaction behaviormodel further comprises a set of exceptions, an exception in the set ofexceptions comprising an interaction pattern for which a rule in the setof rules does not apply.
 12. The computer usable program product ofclaim 9, wherein the interaction behavior model comprises a learningmodel, the learning model trained to recognize an interaction patternspredictive of an adverse result.
 13. The computer usable program productof claim 12, wherein the learning model is further trained using theinteraction pattern, the adverse result, and a response of the protectedparty to the adverse result.
 14. The computer usable program product ofclaim 9, further comprising: program instructions to prevent, as part ofthe notifying, a communication of the protected party from reaching thesecond party.
 15. The computer usable program product of claim 9,further comprising: program instructions to analyze, to determine asecond interaction pattern, a second natural language interactionbetween the protected party and a third party; program instructions topredict, using the second interaction pattern and the interactionbehavior model, a second adverse result of the second natural languageinteraction; and program instructions to analyze, to generate trend dataof the protected party, the interaction pattern, the predicted adverseresult, the second interaction pattern, and the second adverse result.16. The computer usable program product of claim 15, further comprising:program instructions to generate, responsive to a portion of the trenddata being outside of a threshold range of values, a trend alert. 17.The computer usable program product of claim 9, wherein the computerusable code is stored in a computer readable storage device in a dataprocessing system, and wherein the computer usable code is transferredover a network from a remote data processing system.
 18. The computerusable program product of claim 9, wherein the computer usable code isstored in a computer readable storage device in a server data processingsystem, and wherein the computer usable code is downloaded over anetwork to a remote data processing system for use in a computerreadable storage device associated with the remote data processingsystem.
 19. A computer system comprising one or more processors, one ormore computer-readable memories, and one or more computer-readablestorage devices, and program instructions stored on at least one of theone or more storage devices for execution by at least one of the one ormore processors via at least one of the one or more memories, the storedprogram instructions comprising: program instructions to monitor, byintercepting a natural language communication of a protected party, thecommunication, wherein the protected party is a human being; programinstructions to detect, within the monitored communication using anatural language processing engine, a natural language interactionbetween the protected party and a second party; program instructions toanalyze, to determine an interaction pattern, the natural languageinteraction, the interaction pattern comprising data derived from themonitored communication, metadata of the protected party, and metadataof the second party; program instructions to predict, using theinteraction pattern and an interaction behavior model, an adverse resultof the natural language interaction, wherein the adverse resultcomprises an economic loss to the protected party; and programinstructions to intercept, by notifying the protected party, thepredicted adverse result.
 20. The computer system of claim 19, whereinthe interaction behavior model comprises a set of rules, a rule in theset of rules comprising an interaction pattern predictive of an adverseresult.